Fixed account email verification.

2024-12-26 07:05:52 -05:00 · 2020-12-10 03:25:26 -08:00 · 2020-12-10 03:25:26 -08:00 · 8006428bc6
commit 8006428bc6
parent 622e6597eb
3 changed files with 6 additions and 6 deletions
--- a/meshmail.js
+++ b/meshmail.js
@ -204,7 +204,7 @@ module.exports.CreateMeshMail = function (parent) {
    };

    // Send account check mail
-    obj.sendAccountCheckMail = function (domain, username, email, language, loginkey) {
+    obj.sendAccountCheckMail = function (domain, username, userid, email, language, loginkey) {
        obj.checkEmail(email, function (checked) {
            if (checked) {
                parent.debug('email', "Sending email verification to " + email);
@ -223,7 +223,7 @@ module.exports.CreateMeshMail = function (parent) {
                // Set all the options.
                var options = { username: username, email: email, servername: domain.title ? domain.title : 'MeshCentral' };
                if (loginkey != null) { options.urlargs1 = '?key=' + loginkey; options.urlargs2 = '&key=' + loginkey; } else { options.urlargs1 = ''; options.urlargs2 = ''; }
-                options.cookie = obj.parent.encodeCookie({ u: domain.id + '/' + username.toLowerCase(), e: email, a: 1 }, obj.mailCookieEncryptionKey);
+                options.cookie = obj.parent.encodeCookie({ u: userid, e: email, a: 1 }, obj.mailCookieEncryptionKey);

                // Send the email
                obj.pendingMails.push({ to: email, from: parent.config.smtp.from, subject: mailReplacements(template.htmlSubject, domain, options), text: mailReplacements(template.txt, domain, options), html: mailReplacements(template.html, domain, options) });
--- a/meshuser.js
+++ b/meshuser.js
@ -1565,7 +1565,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use
                                if (parent.parent.authlog) { parent.parent.authLog('https', 'User ' + user.name + ' changed email from ' + oldemail + ' to ' + user.email); }

                                // Send the verification email
-                                if (parent.parent.mailserver != null) { parent.parent.mailserver.sendAccountCheckMail(domain, user.name, user.email, parent.getLanguageCodes(req)); }
+                                if (parent.parent.mailserver != null) { parent.parent.mailserver.sendAccountCheckMail(domain, user.name, user._id, user.email, parent.getLanguageCodes(req)); }
                            }
                        });
                    }
@ -1585,7 +1585,7 @@ module.exports.CreateMeshUser = function (parent, db, ws, req, args, domain, use

                    if ((parent.parent.mailserver != null) && (obj.user.email.toLowerCase() == command.email)) {
                        // Send the verification email
-                        parent.parent.mailserver.sendAccountCheckMail(domain, user.name, user.email, parent.getLanguageCodes(req));
+                        parent.parent.mailserver.sendAccountCheckMail(domain, user.name, user._id, user.email, parent.getLanguageCodes(req));
                    }
                    break;
                }
--- a/webserver.js
+++ b/webserver.js
@ -1245,7 +1245,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                                    obj.db.SetUser(user);

                                    // Send the verification email
-                                    if ((obj.parent.mailserver != null) && (domain.auth != 'sspi') && (domain.auth != 'ldap') && (obj.common.validateEmail(user.email, 1, 256) == true)) { obj.parent.mailserver.sendAccountCheckMail(domain, user.name, user.email, obj.getLanguageCodes(req), req.query.key); }
+                                    if ((obj.parent.mailserver != null) && (domain.auth != 'sspi') && (domain.auth != 'ldap') && (obj.common.validateEmail(user.email, 1, 256) == true)) { obj.parent.mailserver.sendAccountCheckMail(domain, user.name, user._id, user.email, obj.getLanguageCodes(req), req.query.key); }
                                }, 0);
                                var event = { etype: 'user', userid: user._id, username: user.name, account: obj.CloneSafeUser(user), action: 'accountcreate', msg: 'Account created, email is ' + req.body.email, domain: domain.id };
                                if (obj.db.changeStream) { event.noact = 1; } // If DB change stream is active, don't use this event to create the user. Another event will come.
@ -1547,7 +1547,7 @@ module.exports.CreateWebServer = function (parent, db, args, certificates) {
                    }

                    // Send the verification email
-                    obj.parent.mailserver.sendAccountCheckMail(domain, user.name, user.email, obj.getLanguageCodes(req), req.query.key);
+                    obj.parent.mailserver.sendAccountCheckMail(domain, user.name, user._id, user.email, obj.getLanguageCodes(req), req.query.key);

                    // Send the response
                    req.session.messageid = 2; // Email sent.